Sunday, June 16, 2013

Which SRA pigeonhole does your firm fit in?

Recent SRA research identifies that different groups of law firms are motivated by different factors and that the regulatory approaches to non-compliance may need to vary depending on which group is being looked at (e.g. whether deliberately non-compliant or unconsciously compliant),however, it does identify in its sample that the most firms are unconsciously non-compliant.

According to the SRA, your firm will fall into one of the following categories :

Unconsciously compliant: those who do not know the rules very well and who unknowingly comply with them (for instance, because they copy other behavior, such as people do in traffic).

Unconsciously non-compliant: those who break the rules because they do not know the rules well.

Spontaneously compliant: those who know the rules and would comply with them off (sic) their own accord, even if (in theory) there were no enforcement whatsoever.

Spontaneously non-compliant: those who know the rules and would always break them spontaneously, regardless of the risk of inspection, the risk of detection, the risk of punishment or the severity of the potential punishment.

Firms deterred by enforcement or calculatingly compliant firms: the firms who know the rules and who would break them, but rather decide against it with a view to enforcement activities.

You might want to read the very detailed report on how the SRA intend to deal with you.

Wednesday, June 12, 2013

It ain't what you do, it's the way that that you prove it.

You won't hear many compliance consultants say that it’s not enough to have policies, it’s not enough to have procedures, and it’s not enough to have a great client-care letter or Terms and Conditions or a complaint web-site. It’s certainly not enough to have good intentions. All of these  help. But to be successful, compliance must be an embedded part of your firm’s culture. A external compliance expert can't do that . . . only you, the COLP, can.

If this blog is posted on another site (other than, chances are that that there will be  compliance consultants urging you  to enlist their help in setting up your client care letters, Terms of Business, your file opening procedures, etc.  Whilst it's very tempting to try to outsource your compliance,  the best way of dealing with compliance is for the COLP  to require everyone to contribute to compliance and to be armed with a compliance management system.

Compliance management cannot be viewed as a set of simple evaluations, each having a binary “compliant” / “non-compliant” result. It must be possible for you to answer straight-forwardly “who”, “why”, and “how” questions about your risk registers and compliance plans. The SRA may ask for deep management information because they understand that compliance failures or problems are driven by constituent compliance components.

A point-in-time compliance management system for the COLP to complete that obscures result drivers does not serve its purpose. Most compliance technologies claiming to manage risk  policies, tasks, alerters, and  diaries are really just sophisticated ways of ensuring that  a process can be demonstrated. It is window dressing--or what I call ‘fig leaf’ technology.

An effective compliance system will let you trace the factors that underpin overall compliance.

Systems like CLIENTCAREmonitor implement the Pareto principle, concentrating their efforts on identifying and managing 20% of genuinely high-risk matters--high-risk for claims, for money laundering and for compliance risk. Taken together, the system forces risk management into the day-to-day culture of lawyers and the firm as a whole starting with that pause for thought before a lawyer completes the on-line client-take-on checklist and file closure checklist. The culture is reinforced because the lawyers know that high-risk cases are notified to the COLP and MLRO via their own dashboard.

Real compliance includes controls and measurements with solid reliability whether they demonstrate desired results or results that are borderline or below target levels. And yes, these may highlight a material breach,  but at least you will be aware of it early!  It is better to know about a risk from the outset than to be surprised to learn the compliance system or culture is flawed after the SRA have their claws in you.

Sunday, June 9, 2013

2014 : The dawning of the value of matter data. Are you ready?

Historically, knowledge management for law firms has predominantly been precedent /document-centric – creating and collecting documents, filing, profiling and retrieving them – but in the near future,law firms will need to be able to manage knowledge around matters.

The reason for the shift of focus to matter data is driven by three main factors:

  1. The new regulatory environment dictates (albeit not overtly) that management information is required to evidence a firm’s ability to manage risk and identify high risk matters. Law firms who demonstrate an ability to score their matters will in turn receive a higher risk score by the SRA and therefore enjoy a less intrusive relationship with their regulator.
  2. Underwriters for PI Insurers are increasingly looking at ways to better manage the profile of firms that they cover. As the legal sector, via the SRA is having to produce evidence of good risk management  and as the insurance sector becomes less competitive underwriters will favour insuring firms with deep management information.
  3. The recent opening up of the legal market will lead to firms being purchased. Consolidation is inevitable. Part of any due diligence on a firm by a potential acquirer or sophisticated external investors will undoubtedly involve looking at the quality of a firm's management information and risk processes.

While legal  matters are the ‘product’– the service unit that law firms sell to their clients – the legal industry has never before developed a holistic, automated approach to managing matters. Yes, most firms have fragmented and partial solutions to managing aspects of matters, including conflicts databases, client relationship management (CRM) systems, case management systems (CMSs), billing systems and the like, but very few firms have a single overarching system to analyse matter data.

The primary benefit of having technology to examine matter data is to reduce risks throughout the matter lifecycle.

So, why hasn't the legal industry come up with this system yet?

There are two reasons: first, because we’ve been able to get along without it. For the reasons set out above the landscape up until now has not dictated a need for it. After all solicitors are a group of highly skilled people who can and do tackle tough problems as they come up without a manual.

The second reason is that, until recently, creating this overarching system was impossible to do. With so many variable elements, solicitors were unable to track and manage everything.But, by now harnessing access to growing computing power and the ability to integrate information from different systems, the impossible is now possible.
By connecting all the dots, software such as ClientCare Monitor can provides COLPs and COFAs  with visibility to matter data based on an adjustable scoring metric, allowing them to risk score matters, identify training needs,conduct trend analysis or compare related matters for pricing and business development.

Of course, for many firms, there is simply not enough time or margin to invest in rethinking the value of matter data. The vast majority of firms will take a ‘wait and see approach’. The new regulatory landscape thus far thus done little to change habits or processes. In a tragic economic climate there is simply not enough slack to focus on long-term risk management, too much urgency in the now to take the time and to plan ahead.The short term bills make it easy to ignore the long-term opportunities.

To quote the Seth Godin the an American entrepreneur, author and public speaker : “We're going to spend our entire future living in tomorrow—investing now, when it's difficult, is the single best moment”.

What senior management will want to know from their COLP and COFA

COLPs and COFAs  will be spending a lot more time with the other partners or co-owners of the firm in the future.

The SRA will be increasing pressure— and in some cases liability—on firms to keep up with regulatory demands, which means the firm’s management will increasingly lean on the COLP and COFA to keep them informed.

The SRA have made it clear that the COLP will not be a sacrificial lamb and owners of the firm can not simply ‘pass the buck’. The SRA guidance notes state “the existence of compliance officers in a firm and the requirements on them to ensure that the firm, as well as its managers and employees, are complying with the regulatory arrangements is not a substitute for the firm’s and manager’s responsibilities” the notes go on to clarify  “The firm and its managers are not absolved from any of their own obligations and remain fully responsible for compliance.”   In other words, the firm and its managers need to be knowledgeable about the content and operation of the compliance program to prevent and detect regulatory breaches and exercise reasonable oversight.

The dilemma for the COLP and COFA , however, is striking a balance between too much and too little information. A high-level report, issued only at infrequent intervals, may not be detailed enough to get the job done. Granular reporting runs the risk of data overload or taking too much time for the management of the firm to wade through.

The firm’s management should want to know is how their own programs live up to the hallmarks of an effective program in the eyes of the SRA. Ultimately it boils down to one question: ‘How do we know it is working?’

The managers should be looking for assurances that the firm doesn’t merely have “paper programs” or “point in time programs” that are not adequately tracked or analyzed. It is not enough to have a checklist just sitting on a shelf gathering dust or a software equivalent to an Excel spreadsheet with a list of SRA requirements to be completed a few days before the SRA annual report is due. Almost all of the current COLP software packages that I have seen to date claiming to manage compliance are “flat” – policies, tasks, alerts, diaries – really just sophisticated ways of ensuring a process can be demonstrated.

Whilst the Firm’s management need not be interested in the minutiae of specific compliance issues the should seek the comfort of knowing that there are systems in place that keep track of compliance requirements.

Whilst law firms may be struggling to keep pace with increased demands on the limited time and resources at their disposal at the very least they should be asking questions about what’s really going on with their culture and whether they have the right processes and protocols to comply with the new SRA regime. Even just inquiring can cause a ripple effect, and the compliance function does a better job because the owners of the firm are focused on them.

COLP and COFA Seminars - Putting clients at the forefront of your compliance strategy

A number of free CPD seminars, sponsored by Searches UK are being put on over the summer period. The seminars are being given by Tim Prior Director of PNCR.

The seminars focus on client care being at the center of a compliance strategy. The cognoscenti in the legal industry are starting to verbalise that as much 90% of compliance queries stem from client files.

This very practical seminar will cover:
  • Recent developments in compliance
  • COLP and COFA: core duties and obligations
  • Culture: is compliance a team activity?
  • Breaches: identification, analysis and reporting
  • Client-focused legal matter management technology solutions
A list of dates for the COLP seminars can been seen here .


Sunday, June 2, 2013

Core characteristics of the best COLPs

If there was one word to describe “frame of mind” of most COLPs today, it would be “uncertain”.  The introduction of OFR and the new SRA handbook has left the legal industry in a rather confused state. Firms are now being forced to interpret rules and hope that they’ve got it right. I hear it every day in conversation with clients and prospects alike.

Once the dust settles in a couple of years time the answer will likely change to ‘overwhelmed’. If the regulators landscape proves to be similar the financial services industry COLPs will be overwhelmed simply by the pace of change.  

I am very fortunate to have worked with with some of the UK’s most effective compliance experts in the legal sector.  These experts have “walked the plank” and really understand what it takes to effectively manage compliance in a law firm.  They have pointed to several common characteristics that enable a COLP to avoid being “overwhelmed” and manage today's complexity with confidence.  These common characteristics include:

  1. Defining the firm’s compliance priorities: Here the COLP invests in determining what success looks like. They consider the firm’s “real” compliance risk and determine what they can, and more importantly, cannot do. They focus on this abbreviated list of priorities.
  2. Proactively set their personal targets: Some stress is inevitable, but the most successful COLPs understand that too much stress is counter-productive. They try to maintain balance in the midst of all this chaos.
  3. Focusing on priorities : The most effective COLPs focus on the previously defined priorities, not on everything. All areas of compliance can be addressed over time, but not all at once. The SRA don't expect you to get everything covered day one as long as you can show what your intentions are. It is easy to be overwhelmed when you look beyond the top priorities and you allow the peripheral issues to haunt you.
  4. Delegation and use of resources: The most productive COLPs really understand the art of delegation and how to utilise the skills of other members of the firm. Outsourcing as a form of delegation and understand that outsourcing non-core competencies are critical. They think through what can and should be delegated or outsourced to others, both inside and outside the firm. Again, good COLPs focus on their core competencies and effectively leverage the experience and expertise of others.